Release Date: June 30, 2026

The ServiceNow issue-tracking integration now covers Public Monitoring and Honeytoken events alongside Internal Monitoring, and brings the Smart Notifier filters to ServiceNow. You choose which incidents flow into ServiceNow and which events appear on their tickets, keeping your ticketing scoped to what matters.

What's new?

Event Group Selection: Choose whether ServiceNow creates tickets for Internal monitoring, Public monitoring, or Honeytoken events.

Public Monitoring Support: Route public monitoring incidents to ServiceNow, so secrets exposed on public sources are tracked in the same workflow as your internal incidents.

Honeytoken Support: Create ServiceNow tickets for honeytoken events, bringing decoy alerts into your remediation workflow.

Granular Event Subscription: Previously, you could not choose which events reached ServiceNow. The new Notify when section now lets you select them. The New incident detected event (always included) creates the ticket; the other events you select are posted as comments on that same ticket, keeping the full incident history in one place. For Internal and Public Monitoring, use filters and presets - by severity, risk score, validity, secret type, or tag - to refine the selection, or start from scratch.

Why is this important?

Security teams need ticketing scoped to their remediation work. Event group selection and granular subscription route only the incidents you care about into ServiceNow, cutting noise. Public Monitoring and Honeytoken support bring perimeter and decoy alerts into the same workflow as internal incidents.

Get Started Today!

Available for all workspaces. Existing ServiceNow integrations keep their current settings, and new configurations can enable the expanded event coverage.

Learn more about the ServiceNow integration | Configure honeytoken alerts

Enhancements​

• Sources health management — Confluence Cloud, Slack, Gerrit, and Microsoft SharePoint Online: GitGuardian now pauses real-time ingestion and historical scans on unreachable Confluence Cloud, Slack, Gerrit, and Microsoft SharePoint Online sources, auto-resumes them once health is restored, and surfaces an actionable recovery step. Rolling out to more integrations in upcoming releases. See the integration guides for Confluence Cloud, Slack, Gerrit, and Microsoft SharePoint Online.
• Incident Notifications: Incident notifications in Slack and Microsoft Teams now include the risk score and severity information.
• AWS Marketplace: Added support for a second AWS Marketplace seller account (GitGuardian Inc., US entity), enabling US customers to transact through the US listing while existing customers continue through the original French listing.
• Public API: Added a new API endpoint to retrieve the activity log of a secret incident, enabling automation and monitoring workflows. Learn more.

Fixes​

• Incident assignment: Assigning a secret incident now automatically grants the assignee the access they need. Previously, an assignee without access could receive the notification email but be unable to open the incident.
• Incident details: Fixed an issue where the incident detail view could display the wrong secret line when privacy mode was enabled, due to position misalignment caused by content obfuscation.
• Custom tags: Fixed an issue where members were unable to remove the last custom tag from an incident.
• Custom webhooks: Creating a webhook with an unreachable URL now shows a clear error message instead of failing with a generic server error.
• Playbooks: Fixed unexpected behavior with the auto-grant developer access playbook where access was not correctly applied in certain configurations.
• Activity logs: The auto-grant access playbook now records an entry in the related issue's activity log, consistent with other playbooks.
• JFrog Container Registry: Fixed an issue where only the first ~200 repositories were discovered, leaving the rest unmonitored and sometimes flagged as deleted. All repositories are now discovered.
• GitLab: Fixed a health check that could incorrectly mark a reachable GitLab instance as unavailable when its endpoint returned a 4xx response.